Vulnerabilites related to golang.org/x/text - golang.org/x/text/language
cve-2022-32149
Vulnerability from cvelistv5
Published
2022-10-14 00:00
Modified
2024-08-03 07:32
Severity ?
EPSS score ?
Summary
An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| golang.org/x/text | golang.org/x/text/language |
Version: 0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T07:32:56.022Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "https://security.netapp.com/advisory/ntap-20230203-0006/", }, { tags: [ "x_transferred", ], url: "https://go.dev/issue/56152", }, { tags: [ "x_transferred", ], url: "https://go.dev/cl/442235", }, { tags: [ "x_transferred", ], url: "https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ", }, { tags: [ "x_transferred", ], url: "https://pkg.go.dev/vuln/GO-2022-1059", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://pkg.go.dev", defaultStatus: "unaffected", packageName: "golang.org/x/text/language", product: "golang.org/x/text/language", programRoutines: [ { name: "ParseAcceptLanguage", }, { name: "MatchStrings", }, ], vendor: "golang.org/x/text", versions: [ { lessThan: "0.3.8", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", value: "Adam Korczynski (ADA Logics)", }, { lang: "en", value: "OSS-Fuzz", }, ], descriptions: [ { lang: "en", value: "An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.", }, ], problemTypes: [ { descriptions: [ { description: "CWE 400: Uncontrolled Resource Consumption", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-12T19:12:44.090Z", orgId: "1bb62c36-49e3-4200-9d77-64a1400537cc", shortName: "Go", }, references: [ { url: "https://go.dev/issue/56152", }, { url: "https://go.dev/cl/442235", }, { url: "https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ", }, { url: "https://pkg.go.dev/vuln/GO-2022-1059", }, ], title: "Denial of service via crafted Accept-Language header in golang.org/x/text/language", }, }, cveMetadata: { assignerOrgId: "1bb62c36-49e3-4200-9d77-64a1400537cc", assignerShortName: "Go", cveId: "CVE-2022-32149", datePublished: "2022-10-14T00:00:00", dateReserved: "2022-05-31T00:00:00", dateUpdated: "2024-08-03T07:32:56.022Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }